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(54) CIPHER COMMUNICATION METHOD AND SYSTEM 

(57)Abstract: €~^*T^"^ 
PROBLEM TO BE SOLVED: To realize a cipher m pp,,^ 
communication system that can continues cipher I- *L b==i J 

communication even when a decoder is changed due to 
a path change on the occurrence of a path fault during 
the cipher communication. 

SOLUTION: Layout information relating to the layout of 
other routers L1 2 to L1 4 capable of cipher 
communication is included in path forming information of 
a router L1 1 that receives are transmits the path 
information such as a routing protocol. In the case that 
any router such as the router L13 on an optimum path 
during the cipher communication is disabled of 
communication, a new optimum path is formed again 
and continues the cipher communication with the other 
router L14 in existence on the optimum path formed again by using a key decided mutually. 
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1 

wis* v M7-^±"c«f*ampiii4aflrf«isii«>i! 
a««M«as«w-e£v^aifcL*> 5 r. t ict 9 * * f ? 

1-«aflW«S«Mra«^-*©**MSriT3 i: i: 

tic, tte^y h^-^iicfcttsaft^a^s^flifiK; 10 

Bt-^affi*i£o 

[is*3S2] ftaflwiKsvi** fcsaff&fixtt* 

5, h!7- : j'^^5»t^l:$ixfcam7 i -^ro«^t;d5 

-e#5*g-tc-5rwam^gxtt^5' vv-tommwi 

mz&mi it 1 * i^vtF^iflr^tncKBijnMi trac 20 
wm«*fit«ffcv^«^ic. mrfstewaftf&ise 

m*g 1 iE«©Bt-^aft*fe 0 
[f»*«3] M£o&tt»jftiirtt**&oa«*ift£ 

it fc£|iPtlc#igi-f 5r tist?t5*y Nl7-^±lc*3 

^era-c-afflx-^ oit*a(t*:tT5 flwaflii'^y 

#a«i««iiai©»»»jjiflMatt, «ME*y n7-^± 30 
•eflF*aflr?r«4aflr«f*»«©E«u:H-*-5Eiifflf* 

«rc«[*©aflri»iiBaiiio'>4< t t-014, «#ait 
f©*aa8»±©aflr«fii»«roE««rit*jaE»cfto 

««P»»11KaftrSJ:5lc«Jii*ix. 

-o{±. misafeis-tiriciarosss^ifsisrSfTL 
aift»tffi-5**iflr^r«B*aflrf*«i*we*asic 

JR0ft»!)fc**:fflv>Tl)(nE«f*a«*«ll+S±5K* 40 

t**aflrt*isi»*K*ai-5rtas-c#6*y M7- 

/ i-#4i-^>fflioaffi' : f^Bt (OKt-Bf-^aif s-tfpa 
mm&mMf$,$i®it. «t^«ftiw,eaif 4mb©k 
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*tt5WEE«flMBOrt*«:3S«f1-5JE3W¥ai:, 

mit \z.m& $ ii^ftasK±onr#aft ?riie«ttoaflr 
atttttu Lfcamf ©rat?© t> &»fc*«rjB^ 
amt^Bo 

tt#^ 4 ettoaflr* mm. 

»#js 5 fE«coa«f mmm.o 

t *o ^aflr>f«ttit(cni-«Eitfflr««:inM-« <t p 

4 CttoaAif IKSiC 

1^*58] HulSMff^Sli, ifc-^affi^lciiKSft 
fcaft^«^BIc|8-rSEB1t#^iS5Dl-5 J; 5 K3E» 

at** 4 iEm»a«^i^^fi„ 

fcaflr«f«S6B^H-r5E«flM8«:*iEi-6J:.5KHff 

»** 4 mm<omm*mmw.o 

1 0 ] tt^ffii>r£&affi'Pft£C0EII£ 

wffi aft t uf ^-affi t * r«p icngii- 5 r. t # t# ^ 
aft«#SB t coF^T-nt^-amsrtT 5 m& t , 

l»lEa«tt^««©«»S**«!EK:4ofc»*|i:iB©a 
K«jattf*fc**ii5itnEE«»«ort*Sr3E*fL» H 

i t tic ^ o*ffc4*aai(Sfc#a-f «flfc©afflr«* 

fllie i =1 v f a - 9 ± lc«fiRi" 5 fc » w ^ 6 ^ 7 A = 
[0 0 0 1] 


3 

b*t t j: a a Bi«i«4* prtB^aflr , 19 m 
p$SttS:toii{f, wtpi:) *it*a« «■»«««: 

[0002] 

[fi£5fe<0&flf] IP (Internet Procotol) *y M7 — 10 
r t ic J: oTBt-i-afiSrtT 5 Jfcffii #*» 5„ 

[0 0 0 3] I P*y hy-^lw*3V^TB&-§TiftlClfflV^ 

K E (Internet Key Exchange : Bt^^^MS) 

ft SrffifflUI P^y hWWfcU S« 

w0>«fc#iSLfc* (1K-JH0 Srfflwc/^yh 

[0004) tw5f, I P^y M7 — ^SrffifflLTii 

fc^-cHi, OSPF (Open ShortestPath First) 3| 
(O/V—TJ hayl'Srfigffl , A*— 

LfcU L-caflteBfcStfSi irtfT-tS. -oS 9 , g 

So £TF. £H&©a«ia«J!ril!0*e«:IftW1-$. 
[0 0 0 5] (1) ;v-r^y^/n ha^ftfflLfc 

0 51-, aftg«T 1 1 i:I«gf 1 2t© 
WW I P*y hlP — 9±<OJ—Y'\Z;U—9Nl 1~N1 

3SBT1 *N1 1-*^— *N1 2-»^Nl 

3-»^-^N 1 5-»SfS3SttTl 2, fcS^li-troiah? 40 
J)!), #A~-*N 1 1~N 1 5 lis SVS^o-CV>5g 

aftK&JBjfcL-C^S. 

[0 0 0 6] wWftjg&S&tC&^T. A — 9 N 1 3 ICP$ 

s^^Lfc»-g-ii, eir© ± ? fe#w-eara©@«& 

1 9 » A--* N 1 3 lc|»*#|8± L/c r i: 4rttjffli-5. 
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tv»i5. H«|jttPLfc^Ni2ii. r^-s-ews 

tj «?coti!fR&. ^-f-fi/^D h=A-©*|6KJ: 

0, IWtS^Nil, N 1 4 Mayn't" <5„ ^ftfc 
©a*fl1f$ftli, JW!t5^-#Ni SfcfcSJ 

gitjS1~A— 9<o9fc— zf) <o-t^-x<oju~9 ic.a&& 
ftS, r.wJ:5l£»fL.<a*n*ii4flWHcJ:9, #a~- 
* N 1 1 , N12, N14, N15 as&o&g&^jjfctf $8 
ttBSf**t, Ptg&&©ttfr 9 icftSif fftfo 
*>, aftSISTl 1-»A"- ?N1 W/1'-?N1 
-^Nl 4-»A~- *N 1 5-»afSSBT 1 2<DSK^|f 

[000 7] (2) /<y*Ty7WBMa»fJtr«SL 

m 6 ii* Lfcaft x i» w * <n h zfr— 9 , 0y x. 

-^Nl 2|;^y^7-y7*S^^«ll6^fo9> A~-* 
N 1 2 #*tt8KH*fttfX± Ufc r t *WB Vtc®& 

(y ^©w«w-y ^ <msim*) s ^--^r? 

*) , A— ^Nl 2 It, *v9TrfUSOBL 

[0 0 0 8] 

[3si^*5^u«t 5 1 u-c^-siuH] a»a««)**6 
■f, Bt-^am^o-cv^sfttpicftsss&iwp*^^ 

y ^ T y 7«»»jairtB«:fflv^-C2BlHS**l*1-S - 

tas-cta. La»Lft*fe, ^afios^n, a— t- 

4S9--/U Y^fr<T>W&hZ>^\t'*v9Ty-f%&k'^<r> 

mmmm t it «a« o«ie * ic 4 o x v ^ 5 <t 

R#Ottlft*0**-CH:, P^^y 
[0009] rr-eii, H7i:*m*. * 

-9 N 1 2 tBt-f-^BM 2 15;^ LTaft^fiT 1 1 ft 

mmzti, a/-*ni 5i;ia«st«T2 2jws*tsix, 

$ bfclA'— *N 1 2 t/W— 1 5 fcCOPfllC, ZtL^n 
Bf^gM2 2, M2 3&m\l\z&tiL£tl1t I P^y h 

[0010] #A^— ^ N 1 2 , N 1 5 RXfif$%'3im.M 2 

1, M2 2li, S^K»oTV^5ffl»Jgriifll#*:SS»b 
M\ ^y M7-^M©*a«lS«:*fifeU'CV^. IE« 
BflciBltSftigSSS, o*9a#iKH-Ci|HlCLfc»£-© 

SSSfi, affi^fi T 1 1 -^Bt^g?aM g 1 — >A'— ^ N 1 
2 ->li£-§-3£ttM 2 2 ->A— ^ N 1 5 -^aft^fiT 12t 
foO, Bf^gM2 1li, aff^ST 2 2*»P 3 jiffl:$n 

s^yh*. iiSBi:Bf#^fiM2 2 tonvm^h 


(4) 

5 

[0 0 1 1 ] rrottfiT, R£4H£gM2 2Vffiib1>><n>& 

&x#fit>ti* KiSB^aflrscT 1 1 -»* *khm 

2 *N 1 2-»flHH£iSM2 5-» 

3\ HfSfM2 1 &HHH£BM2 3 toWJ-cfflv^bix 
38 (fflittfttB) 14. MJfcLfcteAiliJl&o-O* 
3, L*»L, «#StjtM2 1-eHt, hOiS&flHfc 
(iift^STl 2) fcfcljJSfcV*©?, iift^eTl 1 

*»e»afBasaTi 2«»cj3Htsn5f f -*o»*fflii«r io 
SI A*>ib^B fcaas-J-'** -efcsri £&*©a— x 

hayu*»f,l4SK-t-5z.i:^-e#/j:v\ *©fc 
», Stt'<4ry httflf*&«M2 1 T?*A-CT(HHbS;h, 
Sri lift!?, «BSrfflV>5Bf#S«M2 3tfttrixSr 
fcvvo-e, «f*a«fcleHt1- 

[0012] It-JjaflTfcfi, mtBftOT K fc*tr I 

<DT Kw^SrStf I P^y^ttLTaftSrffS 20 
;WEr-K£, aflrjfeTKU^I4«f*ft*T, /<<rvHJ 

fo3tfs, ^-ffi©*-- K"Cb, -tl2©J: 5 icsg-i^JtM 
2 2 -ClWFas*^ Ufc ir^lC. Hf -5H£@M 2 1 T-flU© 

[0013] ioi 5 ftHQBIi, Rft*aftfK:&lg|*S 

mm u— k) fffcic^-^, whsii, a«ss 
K*5^-ck#»K£C3 0 rnf±, ft*©;:©®©^ 30 

[0014] t^-cjWMjti, ffnrjiaflr&ireaffi* 

a#fl2«:ff 5 S1K©EWftj£l::XK#& Cfc*8"e*>o 

3 J: 5 tr 3£»£g#1-3 Z. t 3 HI® t 

■f 5. 
[0 0 15] 

[BWfc**i-afc»©*ai ±e»H*#ftfc«>. * 40 
*A3;ftfci**a«#ife, HWifl'/^fA, 

[0 0 16] *|gPJOBt-^a^f*fell, S^IfflaffiiBf 
^•amtSrlH^ir^a-t'^r i^ftay h!7 — 

t6fca«*«J£II©EBfcHi-SE1I1W«*£tfBrJ£© 

u rwftjgssgi^^i-eafs^^awT-aftT- 50 
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^oiM-aflrSrtriifctl^ SHEAS' b »7-* ±k:*j 

it5aft«i'**«©*j«*«M*nfc»#icwiE«!S» 

*ifc*att»(c#i-*«f*afliRriB*afli«t'iefiitDi]-e 

tzftrnti-Zo &mm*m8iWte. fcsa^exn 
h7-^^(pj*>5Bif^b$ttfcamr-^roa^ 

$ft£§E&LTio# % tt©affi?tt£»a>b&K«/£fflrtt 

4rS»t«io/c t # icnt^amft^BiiiEsasiJwat n esse 

[0 0 171 *3BW©flH3Tlflr^yAi*» j3r3£©&& 

»<a«««r«*©aflt«i»«g6«w-eEi^fcSE»Lib 5 - 

i ic i 9 S! pjfflam i it^aflr t trisii*fc*5M-5 r t 

<ommm&\zfflE-f z> aft ^rn^BH -cam^- * 
*a««rff 5i**i(t*>^yA-e*>5. «-am^«i^B 

4afllf«Hfi*©B«ltHi-5E«nMRtr*tft)0-cab 
9, ««oa««f«*«©*J!e<i:'t>-oi4, ««aft 

«f o*asK±roa« fttsaioQEiiwA^XK o 

fcri trttft Lfc 1 1 icigBKIEItoBBnHRfcttoa 
«+«B6«lta»i-<5 i 5 Jx x />*•< 1 4>tto 

-on, MEaft«r«2:(cia«>Slg»jft1im«rXirL 

®sssti#-rsift^afiw«g/j:a<ti ] ^gM-cffi5:ic 
tt 9 *»fc8^ffl^THuiSBt^-a«^*»iKi-5 «t p ft* 

[0018] ^Wroaffi^^Sfitt, MSoSK^fife 

a»s:»«^si: it>icr©*a»»ic«Rt"r5flioa 
ft^ ikssb i <nmx*m*mm*'<7 5 a« fttscc: «v ^ 
t, meiEtt&j&fliFtti*. >f#aftRiffi«afli>fffiitfli 
oE»fcHi-*Einf«t*tft>©T?*)9-, wwawt 
Ka«ft#i*s««>aflrf«afiB*aflr^ttic*ofc 

i: # K: g E©iS8&^^(^*ix5 mliEEtttfm©!*! 

ffl«±o«f*a«?r«ftffi©aflr«i'itt««*awirs* 

ftt*«*., aKttWLfcaflr*«««i:©l«]T»Bi9ft 
*fe«*fflv^-C«F*a««rli«i-5r i: Sr#mt1-3$l 

[0019] SK^tt«a, <t d jUM«jfc«Bfje©A' 
-f-fy^n bn^ncs^^-cteroafl^sai:© 

^5y-K«)EBKH-J-5fll«aW*«Dy-KiSflH3ra 
flT*lfi©»*i:-*-*a{BfiBro«ffliJ«f*Sr*tft©t?*> 


7 

&^*frtt3K>' — Kt ©WJ-efcayfctfT 5 r t -ewiB 

[0 0 2 0] attWg§fc11£:fert*Xffi¥fkf*. P»*i 
ft * Kafll *m t tt o fc aft tlgf&lt fe 5 4I£ II %i% 
tH1-5EiMMR*rl|iJ(*L, l**a<t'f'£JaR$*ifc9 

Lx iffrottWz&ttSjxfcaff^ttlfiBasfcS^tt 
^ftfc H-f- 5ffiBfiS$a jE-J- 5 . 
[0021] #3&Wtfss#1-5E®St#li, Pf#a«*T 
ttfeaffi*J^ft©GBKOT 3B11flr**£trjfr£© 
1 4: K» »«Tffla«*lfr*a«fc*IBW 

B&£»f SSSigfc, affitt#S«&©n-cnH|iiAfr 
*T58&fg£> fnBatttt¥gC©ttj*#gXK:&ofct§ 

SrJEfr U K*a©&l»*&ffitt* t> t ttKfcttft&S 

*tr«jai-5 1 1 fc, r. ©j&rfc/,£gig£8gir#£-t-5 

[0 0 2 2] 

= A--?fcJxtf , if© y Knf-ii-aff nlfBfclSflS 

ftx-^^i§ft1-5^^, 8«5te©flHHS«fc*W£Lfc 
5 £*Sr*J&fcfi 1 *.5J: fc*5, @©teffl-£ 

[0 0 2 3] ±^©B&*ii{f «*.tfB 1 iC^-f- 

«t 5 fctSiS $ ft, 5 Straff x a k i o r Ute-f 5 r 
5. r©St*a^t->^x^lli, a*yM7- 
*±fcES;Kfci£flrfli©afI81IT li, 0* y M7- 
^±tia*^fcgflMii©aflHS«Ti 2, :hboifl 
361MI^41-5**k©/i'-^, l-fctofcA/u-* l l 
1, D;U— *L12. B;U-*L13, Ol — *L14 
*©tt©*y h7-^«rit«flSr**» iSW^aff £Pf 
#a«i*H«*fc3m?S6J:5Kfilfifc£;ti5. a*y 
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YV-yk&*y hV — r- kltsOfi—^y h©J:5* 
/£4!ci§fiffl£r:fr LT^ilSSc?HTV'>5 t©fci"5 0 

[0 0 2 4] &vU<-*L 1 1~L 1 414, ^^DMC 
PU£W-f 5-«© = >fc^ tfflCPUii 
M*©BMI#fcBft£*tfc3 p n y-yK-n- KfcRJWfc 
A/T-Uff $ ti 5 r t Id J: -o TflM $ ft 5/w-x -f V if-f 

&t#-c&5#> cD-ROM^©piaettiE^^srac 
tin, ji«i*fc±«HjfcfiB»«*fc-f ^* h-* 

$tt5t©TJ>oTt6V\ /l — f^^D[.3;K5 
«|g|COV>T« > {£&©A'~*©t>©fc£*ftfc:f±|qc 

-rs&B»A1ftttK&©=o©ffl|fr£tiK ahim© 
4MB*rM»**«i5KUfcj»"X?«*©^-*#«*« 

«fli:&ft5. 

(1) «F*iflr*tTJt*/-K (yw-*) OEI^v 
20 ^7i-^ID 

(2) *©/-KaJrtf*a«sat©#*i:i-5a«ft» 

I D 

#J: rA/w~^tJ:*jrtii**l«©»* (afllSRi 

D) tt x a*y YU-^RXIy^y ©a« K*t 

1-5t©r**)5j 

1th<D\Zt£Z> 0 &i?Uil P*y M7 — ^©OS PFffl» 
30 ^-tt, ^-f5LSA (Link State Advertisement) K 
*©ttf«*:*»5ii:K45. 

[0 0 2 5] H^MtOii&niT, #A^-* 

l±, CtT©J:5fcL-C«F*afll*rtT5. 

( 1 ) Ht#aftnj£»*©afis?s i Dic^jc-rsaft 
^bx-^^4^1-5. 

: rA^— ^4raiai-5^^y K©y-^T K^*# 

40 -> 3 y7 Kw*#aftgi&I Dfci8-&1-5©-C, Bf-^-a 
<t©»*ti-5j 

(2) Bf*ffl©iSlf4, a<t SBSicmi-5a«^K I D 
«r'»ofcy-K©fc©S:T-©«»LTV^5»^tt**t* 
^tBLT^ffl-t5„ «*:(R«rU-CV^j!cv^»^|l, ^©y 

- k t©fflfH4^^fT5-«bT\ mzm& 
-^tv^Wf-^afli^iB^u-^asflRaEL, ^©b^ 
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[0 0 2 6] 4*3, W±oatg«, £TO/U-*Ll 1 
[0 0 2 7] JJclc, *SOIi»«coi**l«5/^y A 1 

isafweiBSriMil-*. rr-ctt, m^coi^ic, a 

*y h!7-*rt0>af§3SBT 1 1 tA/V-^L 1 1 Pfl4> 
^^F!7-nK^^ ri63. 135. 10.0/24J , 
M7 — ^rt(©ii«3j|«T 1 2 irB/U-^L 1 3Xf4C^ 
-^L14i(0^y?7x-^7K^^ ri63. 13 
5.20.0/24J % A;V-?L1 1^^7x^7Kl^ 
T163. 135. 100. 10J , B^L13WV?7x 
-^7K^# T163. 135. 200. 20J , C/^LHO 
^^b!7 — ^TK^iS Tl63. 135. 300.30J 

"?fc£±|EO S P F©&AfrfroTtt#attfcfi 
W««:*rr6 0 OSPFt^o^Ttt, BBRWBBIETFTS 

fTLTV^tt«RFC2328, RFC113K STD0054|£BftHBfcE 

[0028] OSPF -ettffl *tt5fttt»ritflM», 1"4 

h (L S A : Link State Adv 
ertisement) <Doh. %t>V—9 LI 1-L14 ^^fg-J- 

9lD y y>9f s -9&&K3&£tiXtS*> % Ztl\CB3& 
£ ti & if m iaoT ^ ^ffecoyw- 9 £>EB lc BB1" 

£#T*#5J:5fc45o HI 3 14, /w-^^^ftyg 

-tixtit-rsy >^ i d, v^9f-9(Dmt^ 

Lfcfc<0T»*5. ^7*1-4(4, Ktf<D;u-9&MtVt 

[0 0 2 9] LSAJ4, #/U-^L 11-L1 4 "CJ^T 

i<to)\'—9ftWk<OJi'—9 t <BIB^Bf ^afS&fToTV^ 
tiff. «f*afllfflLSAt*jfc»€-Ct5 0 * 
>f^50LSAt?!)^ IDiS ri63. 135. 100. 10J , V 
>9 7 t —9t* ri63. 135. 20. 0/24J T*fotU4\ rcOLS 
ASrSHftfc ri63. 135. 100. 10J i7K^tUfto 
;V-^{4, ri63. 135. 20. 0/24 J tV^p7F^?r)to 
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y >9 i d$"cih c*Cs y>9 s f-9 ri63. 135. 3 

0. 0/24 J OLSAiSfcftli, /I'—* ri63. 135. 100. 10J 
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* NOTICES * 

JPO and NCIPI are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 


CLAIMS 


(57) [Claim(s)] 
[Claim 1] 

It is the cryptocommunication approach of performing communication link for Takayoshi, and 
cryptocommunication through a network realizable to coincidence, 

The optimal path on a network is formed by exchanging mutually predetermined path formation 
information including the arrangement information about arrangement of the communication link 
repeating installation in which cryptocommunication is possible among two or more communication 
link repeating installation, and suiting on said network. While performing cryptocommunication of 
commo data between the communication link repeating installation which exists in this optimal path 
When the configuration of the communication link repeating installation on said network is changed, 
said path formation information is updated and it is characterized by continuing said 
cryptocommunication using the key fixed mutually between the communication link repeating 
installation which carries out the reconstititution of the new optimal path, and consists in the optimal 
path by which the reconstititution was carried out and in which cryptocommunication is possible, 
The cryptocommunication approach. 
[Claim 2] 

Each communication link repeating installation records the identification information of the 
communication device or a network, when a decryption of the enciphered commo data which goes to a 
certain communication device or network can be performed, and when said path formation information 
is received from other communication link repeating installation and the cryptocommunication point 
holds the same identification information as said identification information, it is characterized by settling 
on said key between communication link repeating installation besides the above, 
The cryptocommunication approach according to claim 1. 
[Claim 3] 

It is the cryptocommunication system which performs cryptocommunication of commo data between the 
communication link repeating installation which forms the optimal path on the network which can 
realize communication link for Takayoshi, and cryptocommunication to coincidence, and exists in this 
optimal path by exchanging predetermined path formation information mutually among two or more 
communication link repeating installation, and suiting, 

The path formation information on each communication link repeating installation includes the 
arrangement information about arrangement of the communication link repeating installation in which 
cryptocommunication is possible on said network, 

At least one of said two or more of the communication link repeating installation It is constituted so that 
the arrangement information after the modification concerned may be notified to other communication 
link repeating installation, when it detects that the arrangement configuration of the communication link 
repeating installation on the optimal path under cryptocommunication w'as changed. Other one [ at 
least ] While updating the path formation information on self based on said notice and carrying out the 
reconstititution of the new optimal path to it, it is characterized by being constituted so that said 
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cryptocommunication may be continued using the key fixed mutually between the communication link 
repeating installation which consists in the optimal path by which the reconstititution was carried out 
and in which cryptocommunication is possible, 
Cryptocommunication system. 
[Claim 4] 

While forming the optimal path on the network which can realize communication link for Takayoshi, 

and cryptocommunication to coincidence based on predetermined path formation information, it is the 

communication link repeating installation which performs cryptocommunication among other 

communication link repeating installation which exists in this optimal path, 

Said path formation information includes the arrangement information about arrangement of the 

communication link repeating installation in which cryptocommunication is possible, 

An updating means to update the contents of said arrangement information included in the path 

formation information on self when the arrangement configuration of other communication link 

repeating installation in said optimal path is changed during cryptocommunication, 

Path means forming which forms a new optimal path based on the path formation information after 

updating, 

It has a detection means to detect other communication link repeating installation in which the 
cryptocommunication on the newly formed optimal path is possible, 

It is characterized by continuing cryptocommunication using the key fixed between the detected 
communication link repeating installation concerned, 
Communication link repeating installation. 
[Claim 5] 

it is the information by which said path formation information is mutually delivered and carried out 
among other communication link repeating installation based on a predetermined routing protocol, and 
the information about arrangement of the node which can perform cryptocommunication, and its node 
are characterized by fixing said key based on said identification information including the identification 
information of the communication path made into the object of cryptocommunication implementation 
Communication link repeating installation according to claim 4. 
[Claim 6] 

When the key fixed between nodes with said identification information is held beforehand, the key is 

****(ed), and when the key is not held, it is characterized by securing said key by performing key 

generation between the nodes concerned, 

Communication link repeating installation according to claim 5. 

[Claim 7] 

It is characterized by updating said updating means so that the arrangement information about the 
communication link repeating installation used as communication link impossible may be deleted during 
cryptocommunication, 

Communication link repeating installation according to claim 4. 
[Claim 8] 

It is characterized by updating said updating means so that the arrangement information about the 
communication link repeating installation extended during cryptocommunication may be added, 
Communication link repeating installation according to claim 4. 
[Claim 9] 

It is characterized by updating said updating means so that the arrangement information about the 
communication link repeating installation moved during cryptocommunication may be corrected, 
Communication link repeating installation according to claim 4. 
[Claim 10] 

The function which forms the optimal path on the network network which can realize communication 
link for Takayoshi, and cryptocommunication to coincidence based on predetermined path formation 
information including the arrangement information about arrangement of the communication link 
repeating installation in which cryptocommunication is possible, 
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The function to perform cryptocommunication between communications-partner equipment, 
The record medium with which the program code for forming on a computer the function which 
continues cryptocommunication using the key which fixed among other communications-partner 
equipments which exist in this new optimal path while update the contents of said arrangement 
information included in the path formation information on self and forming a new optimal path based on 
the path formation information after updating, when the configuration of said communications-partner 
equipment is changed was recorded and in which a computer readout is possible. 

[Translation done.] 
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TECHNICAL FIELD 


[Field of the Invention] 

Modification of the configuration of communication link repeating installation arises during 
cryptocommunication, and even if this invention is the case where an optimal path changes, it relates to 
the cryptocommunication technique for continuing cryptocommunication safely in the network which 
the communication link for Takayoshi (it is the same the communication link which has the 
communication link in which the automatic continuation by path change is possible, i.e., failure-proof 
nature, also in the time of a failure, and the following), and cryptocommunication (it is the same the 
secret communication link using a code technique and the following) can realize to coincidence. 
[0002] 


[Translation done.] 
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PRIOR ART 


[Description of the Prior Art] 

The gestalt of the cryptocommunication performed using IP (Internet Procotol) network is known better 
than before. This kind of cryptocommunication is performed using the key (a cryptographic key / decode 
key) generated between the encryption equipment of a transmitting side, and the decryption equipment 
of a receiving side. As a gestalt of the communication link in this case, there are a gestalt which 
performs cryptocommunication by end to end, and a gestalt which performs cryptocommunication by 
arranging the communication device (following, "data encryption equipment") which performs 
encryption and a decryption of commo data, for example, a packet, on a communication path. 
[0003] 

As a procedure of generation of the key used for cryptocommunication in IP network, key exchange, and 
a key setup, various technique, such as an IKE (Internet Key Exchange: cryptographic key generation 
procedure) method, exists, for example. A transmitting side enciphers an IP packet using this generated 
key (cryptographic key), and a receiving side decrypts a packet using the key (decode key) 
corresponding to this key. 
[0004] 

By the way, when a certain failure occurs at an optimal path in the midst which is communicating using 
IP network, a communication link can be recovered, and using the backup routing function which the 
communication link repeating installation itself, such as a router, has. [ using routing protocols such as 
OSPF (Open ShortestPath First), ] That is, an alternate route can be set up automatically and a 
communication link can be recovered. Hereafter, the outline of these communication link methods of 
recovery is explained. 
[0005] 

(1) When a routing protocol is used 

As shown in drawing 6 , suppose that routers Nl 1-N15 are connected to the node on IP network 
between a communication device Tl 1 and a communication device 12. The optimal path of forward 
always exchanges mutually the information [ information /, i.e., express which router and 
communication link are directly possible for each router, / the communication device Tl 1 -> router Nil 
-> router N12 -> router N13 -> router N15 -> communication device T12 or its path formation 
information / information / which is reverse and has mutually each routers Nl 1-N15 ], and forms the 
optimal path between networks. 
[0006] 

In this optimal path, when a failure occurs in a router N 13, the following procedures recover a 
communication link. 

First, the normal router N12 which carries out proximal to a router N 13, for example, a router, detects 
that the failure occurred in the router N13 by the function of a routing protocol. The detection approach 
is determined by the routing protocol. The router N12 which* detected the failure notifies information, 
such as "an old path was not able to be used" or "the link having been lost", to the adjoining routers Nl 1 
and N14 by the function of a routing protocol. Such notice information is relayed also to the adjoining 
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router N 15, and, thereby, is notified to all the routers of a routing domain (group of a router who 
delivers routing information). Thus, the path formation information which each routers Nl 1, N12, N14, 
and 15 have is updated by the information notified newly, and the reconstititution of the alternate route 
which becomes instead of a failure path, i.e., the path of the communication device Tl 1 -> router Nl 1 -> 
router N12 ~> router N14 -> router N15 -> communication device T12, is carried out. 
[0007] 

(2) When a backup routing function is used 

A backup routing function is in a certain router N 12 in the communication system shown in drawing 6 , 
for example, a router, the case (polling (supervisory signal) the existence of a link --) where a router N12 
detects that the failure occurred for the junction path it is based on keep alive (signal for confirming that 
the circuit is not downed) etc. a router N12 is changed to the alternate route (backup path) set up 
beforehand based on a backup routing function, and maintains a communication link. 
[0008] 


[Translation done.] 


http://www4.ipdl.ncipi.go,ip/cgi-bin/tran_web_cgLeiie 


10/25/2006 


JP,3821990,B [EFFECT OF THE INVENTION] 


Page 1 of 1 


* NOTICES * 

JPO and, NCIPI are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 


EFFECT OF THE INVENTION 


[Effect of the Invention] 

Even if it is the case where modification arises to the equipment to decrypt, i.e., a key, as a result of 
making a path change during cryptocommunication according to this invention so that clearly from the 
above explanation, there are insurance and characteristic effectiveness [ say / that it can continue now 
certainly ] about cryptocommunication. 
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DETAILED DESCRIPTION 


[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] 

Modification of the configuration of communication link repeating installation arises during 
cryptocommunication, and even if this invention is the case where an optimal path changes, it relates to 
the cryptocommunication technique for continuing cryptocommunication safely in the network which 
the communication link for Takayoshi (it is the same the communication link which has the 
communication link in which the automatic continuation by path change is possible, i.e., failure-proof 
nature, also in the time of a failure, and the following), and cryptocommunication (it is the same the 
secret communication link using a code technique and the following) can realize to coincidence. 
[0002] 

[Description of the Prior Art] 

The gestalt of the cryptocommunication performed using IP (Internet Procotol) network is known better 
than before. This kind of cryptocommunication is performed using the key (a cryptographic key / decode 
key) generated between the encryption equipment of a transmitting side, and the decryption equipment 
of a receiving side. As a gestalt of the communication link in this case, there are a gestalt which 
performs cryptocommunication by end to end, and a gestalt which performs cryptocommunication by 
arranging the communication device (following, "data encryption equipment") which performs 
encryption and a decryption of commo data, for example, a packet, on a communication path. 
[0003] 

As a procedure of generation of the key used for cryptocommunication in IP network, key exchange, and 
a key setup, various technique, such as an IKE (Internet Key Exchange: cryptographic key generation 
procedure) method, exists, for example. A transmitting side enciphers an IP packet using this generated 
key (cryptographic key), and a receiving side decrypts a packet using the key (decode key) 
corresponding to this key. 
[0004] 

By the way, when a certain failure occurs at an optimal path in the midst which is communicating using 
IP network, a communication link can be recovered, and using the backup routing function which the 
communication link repeating installation itself, such as a router, has. [ using routing protocols such as 
OSPF (Open ShortestPath First), ] That is, an alternate route can be set up automatically and a 
communication link can be recovered. Hereafter, the outline of these communication link methods of 
recovery is explained. 
[0005] 

(1) When a routing protocol is used 

As shown in drawing 6 , suppose that routers N11-N15 are connected to the node on IP network 
between a communication device Til and a communication device 12. The optimal path of forward "' 
always exchanges mutually the information [ information /, i.e., express which router and 
communication link are directly possible for each router, / the communication device Tl 1 -> router Nl 1 
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-> router N12 -> router N13 -> router N15 -> communication device T12 or its path formation 
information / information / which is reverse and has mutually each routers Nl 1-N15 ], and forms the 
optimal path between networks. 
[0006] 

In this optimal path, when a failure occurs in a router N 13, the following procedures recover a 
communication link. 

First, the normal router N12 which carries out proximal to a router N 13, for example, a router, detects 
that the failure occurred in the router N13 by the function of a routing protocol. The detection approach 
is determined by the routing protocol. The router N12 which detected the failure notifies information, 
such as "an old path was not able to be used" or "the link having been lost", to the adjoining routers Nl 1 
and N14 by the function of a routing protocol. Such notice information is relayed also to the adjoining 
router N15, and, thereby, is notified to all the routers of a routing domain (group of a router who 
delivers routing information). Thus, the path formation information which each routers Nl 1, N12, N14, 
and N15 have is updated by the information notified newly, and the reconstititution of the alternate route 
which becomes instead of a failure path, i.e., the path of the communication device Tl 1 -> router Nl 1 -> 
router N12 -> router N14 -> router N15 -> communication device T12, is carried out 
[0007] 

(2) When a backup routing function is used 

A backup routing function is in a certain router N12 in the communication system shown in drawing 6 , 
for example, a router, the case (polling (supervisory signal) the existence of a link — ) where a router N12 
detects that the failure occurred for the junction path it is based on keep alive (signal for confirming that 
the circuit is not downed) etc. — a router N12 is changed to the alternate route (backup path) set up 
beforehand based on a backup routing function, and maintains a communication link. 
[0008] 

[Problem(s) to be Solved by the Invention] 

Usually, also when a failure occurs in an optimal path, an alternate route can be formed in the midst 
which is performing not only a communication link but cryptocommunication using the above- 
mentioned function and above-mentioned backup routing function of a routing protocol. However, since 
the function of a routing protocol or the change Amotion to a backup path, and the function of 
cryptocommunication have another composition, with the existing structure, in the case of 
cryptocommunication, the enciphered IP packet (encryption data) cannot be decrypted, and it may be 
unable to continue cryptocommunication. This is explained below. 
[0009] 

Here, a communication device Tl 1 is connected to the configuration N12 shown in drawing 7 , i.e., a 
router, through data encryption equipment M21, a communication device T22 is connected to a router 
N15, and IP network configuration by which data encryption equipment M22 and M23 was connected to 
juxtaposition between the router N 12 and the router N15, respectively is assumed further. 
[0010] 

Each routers N12 and N15 and data encryption equipment M21 and M22 exchange the path formation 
information which it has mutually, suit, and form the optimal path between networks. The optimal path 
in always [ forward ], i.e., the path at the time of usually converging in a path, is the communication 
device Tl 1 -> data-encryption-equipment M21 -> router N12 -> data-encryption-equipment M22 -> 
router N15 -> communication device T12, and data encryption equipment M21 enciphers the packet 
transmitted from a communication device T22 using the key (for example, the key A) used between self- 
equipment and data encryption equipment M22. 
[0011] 

Suppose that a certain failure occurred with data encryption equipment M22, a path change was made by 
the function of a routing protocol, and the optimal path was automatically changed into the 
communication device Tl 1 -> data-encryption-equipment M21 -> router N12 -> data-encryption- 
equipment M23 -> router N15 -> communication device T12 in this condition. In this case, the key (for 
example, the key B) used between data encryption equipment M21 and data encryption equipment M23 
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differs from the key A mentioned above. However, in data encryption equipment M21, since there is no 
modification in the transmission place (communication device T12) of a packet, from the conventional 
routing protocol, it cannot recognize that the key for codes of the data transmitted to a communication 
device T12 from a communication device Tl 1 should be changed into Key B from Key A. Therefore, 
since it will be enciphered with Key A with data encryption equipment M21 and the packet concerned 
cannot decode this in the data encryption equipment M23 using Key B, cryptocommunication is 
unrecoverable after all. 
[0012] 

The tunnel mode which enciphers collectively a part for the data division of IP header which includes 
the address of a transmission place in cryptocommunication, and a packet (namely, payload), and 
communicates by attaching IP header including the address of a new transmission place (decryption 
equipment), Although the transmission place address has the transport mode which does not encipher 
but enciphers only a part for the data division of a packet, when a failure occurs with data encryption 
equipment M22 as mentioned above, with data encryption equipment M21, the need for modification of 
a key can be recognized in neither of the modes. 
[0013] 

Such a problem is produced in common, the case where a router, data encryption equipment, a 
communication device, etc. are newly extended by the part (node) which was an optimal path till then, 
when the parts of a router etc. move, and not only when a path failure occurs during 
cryptocommunication but when. It originates in having been [ this ] fixed, and the key used for 
cryptocommunication having been fixed. [ of arrangement of the router in this conventional kind of 
communication link for Takayoshi etc. ] 
[0014] 

Then, even if this invention is the case where modification arises in the arrangement configuration of the 
equipment with which the communication link for Takayoshi and cryptocommunication perform 
encryption and a decryption in a network realizable to coincidence, it makes it a main technical problem 
to offer the technique which changes the key for codes dynamically and enables it to continue 
cryptocommunication safely. 
[0015] 

[Means for Solving the Problem] 

The record medium which becomes suitable when a computer realizes the cryptocommunication 
approach by which this invention was improved in the above-mentioned technical problem for the 
solution reason, a cryptocommunication system, communication link repeating installation, and 
communication link repeating installation is offered. 
[0016] 

The cryptocommunication approach of this invention is an approach of performing communication link 
for Takayoshi, and cryptocommunication through a network realizable to coincidence. The optimal path 
on a network is formed by exchanging mutually predetermined path formation information including the 
arrangement information about arrangement of the communication link repeating installation in which 
cryptocommunication is possible among two or more communication link repeating installation, and 
suiting on a network. While performing cryptocommunication of commo data between the 
communication link repeating installation which exists in this optimal path It is characterized by 
continuing said cryptocommunication using the key fixed mutually between the communication link 
repeating installation which updates said path formation information, carries out the reconstititution of 
the new optimal path when the configuration of the communication link repeating installation on said 
network is changed, and consists in the optimal path by which the reconstititution was carried out and in 
which cryptocommunication is possible. Each communication link repeating installation records the 
identification information of the communication device or a network, when a decryption pf the 
enciphered commo data which goes to a certain communication device or network can be performed, 
and when path formation information is received from other communication link repeating installation 
and the cryptocommunication point holds the same identification information as said identification 
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information, it is made to settle between communication link repeating installation besides the above on 
a key. 

[0017] / 

The cryptocommunication system of this invention is a cryptocommunication system which performs 
cryptocommunication of commo data between the communication link repeating installation which 
forms the optimal path on the network which can realize communication link for Takayoshi, and 
cryptocommunication to coincidence, and exists in this optimal path by exchanging predetermined path 
formation information mutually among two or more communication link repeating installation, and 
suiting. The path formation information on each communication link repeating installation is what 
includes the arrangement information about arrangement of the communication link repeating 
installation in which cryptocommunication is possible on said network. At least one of two or more of 
the communication link repeating installation It is constituted so that the arrangement information after 
the modification concerned may be notified to other communication link repeating installation, when it 
detects that the arrangement configuration of the communication link repeating installation on the 
optimal path under cryptocommunication was changed. Other one [ at least ] While updating the path 
formation information on self based on said notice and carrying out the reconstititution of the new 
optimal path to it, it is characterized by being constituted so that said cryptocommunication may be 
continued using the key fixed mutually between the communication link repeating installation which 
consists in the optimal path by which the reconstititution was carried out and in which 
cryptocommunication is possible. 
[0018] 

In the communication link repeating installation which performs cryptocommunication among other 
communication link repeating installation which exists in this optimal path while the communication 
link repeating installation of this invention forms the optimal path of the commo data on a network 
based on predetermined path formation information Said path formation information is a thing including 
the arrangement information about arrangement of the communication link repeating installation in 
which cryptocommunication is possible. A means to update the contents of said arrangement 
information included in the path formation information on self when other communication link repeating 
installation which serves as a communications partner during cryptocommunication becomes 
communication link impossible, It is equipment characterized by continuing cryptocommunication using 
the key which was equipped with a means to form a new optimal path based on the path formation 
information after updating, and a means to detect other communication link repeating installation in 
which the cryptocommunication on the newly formed optimal path is possible, and was fixed between 
the detected communication link repeating installation concerned. 
[0019] 

it is the information more specifically mutually delivered and carried out among other communication 
link repeating installation based on a predetermined routing protocol, and, as for path formation 
information, the information about arrangement of the node which can perform cryptocommunication, 
and its node fix said key based on this identification information including the identification information 
of the communication path made into the object of cryptocommunication implementation. When the key 
fixed between nodes with identification information is held beforehand, the key is ****(ed), and when 
the key is not held, said key is secured by performing key generation between the nodes concerned. 
[0020] 

The updating means in communication link repeating installation deletes the arrangement information 
about it, when the communication link repeating installation used as communication link impossible is 
during cryptocommunication, when there is communication link repeating installation extended during 
cryptocommunication, it adds the arrangement information about it, and when there is communication 
link repeating installation moved during cryptocommunication, it corrects the arrangement information 
about it. 
[0021] 

The record medium which this invention offers based on predetermined path formation information 
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including the arrangement information about arrangement of the communication link repeating 
installation in which cryptocommunication is possible The function which forms the optimal path on the 
network which can realize communication link for Takayoshi, and cryptocommunication to coincidence, 
When the function to perform cryptocommunication between communications-partner equipment, and 
the configuration of said communications-partner equipment are changed, while updating the contents of 
said arrangement information included in the path formation information on self and forming a new 
optimal path based on the path formation information after updating It is the record medium with which 
the program code for forming on a computer the function which continues cryptocommunication using 
the key fixed among other communications-partner equipments which exist in this new optimal path was 
recorded and in which a computer readout is possible. 
[0022] 

[Embodiment of the Invention] 

Hereafter, the operation gestalt of this invention is explained with reference to a drawing. 
When the communication link for Takayoshi and cryptocommunication are performing 
cryptocommunication between the equipment which delivers path formation information in a network 
realizable to coincidence according to a routing protocol, the information about arrangement of the 
equipment in which cryptocommunication is possible is included in the above-mentioned path formation 
information, and it is made to make path formation information and the information about modification 
of a key link in this invention. 

For example, if it is the routing protocol of the De Dis wardrobe vector type about between what 
networks the equipment in which cryptocommunication is possible is arranged to which link, and 
cryptocommunication can be performed, if it is the routing protocol of a link state type, it will include 
which router exists in the distance vector into path formation information. And in case encryption data 
are transmitted, it enables it to perform easily newly generating, if there is no corresponding key using 
the key corresponding to the data encryption equipment of a reception place. 
In addition, use and generation of a key can use the technique generally used from the former. 
[0023] 

The above-mentioned cryptocommunication approach can be enforced by the cryptocommunication 
system constituted as shown in drawing 1 . 

Including the network configuration components of two or more routers LI 1 which intervene between 
communication device [ of the transmitting side allotted on alpha network ] Tl 1, communication device 
[ of the receiving side allotted on beta network ] T12, and these communication devices, i.e M A router, D 
router L12, B router L13, and C router L14, and others, this cryptocommunication system 1 is 
constituted so that communication link for Takayoshi and cryptocommunication can be realized to 
coincidence. 

It shall connect through a wide area network [ like the Internet ] whose alpha network and beta network 

are. 

[0024] 

Each routers LI 1-L14 are a kind of computers which have memory and CPU, and have the function of 
the routing protocol formed by reading the program code with which the CPU was recorded on the 
predetermined record medium, and performing, the function of cryptocommunication, and the function 
to make these functions cooperate. Although CPUs are cover-half record media, such as semiconductor 
memory in which a readout is possible, when mounted in a router, the record medium which recorded 
this program code circulates through portability record media, such as CD-ROM, and may be installed 
in the above-mentioned cover-half record medium at the time of mounting. 

About the function of a routing protocol, although it is fundamentally [ as the thing of the conventional 
router ] the same, it differs from the function with which the router conventional at the point of having 
made it make the functions of cryptocommunication including the following two information 
cooperating to the path formation information exchanged for other routers by the routing protocol is 
equipped. 

(1) Arrangement and Interface ID of the node (router) which can perform cryptocommunication 
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Example: "A router is in A node whose cryptocommunication is possible" 

(2) The communication path ID which the node makes the object of cryptocommunication 

implementation < 

Example: "the object (communication path ID) of the cryptocommunication in A router receives the 
communication link of alpha network and gamma network" 

The format of the data corresponding to such information becomes what was doubled with the adapted 
network protocol or the routing protocol For example, in the case of OSPF of IP network, the 
information will be included in LSA (Link State Advertisement) mentioned later. 
[0025] 

On the other hand, about the function of cryptocommunication, as each router is the following, it 
performs cryptocommunication. 

(1) To the communication link corresponding to the communication path ID for cryptocommunication 
implementation, encipher commo data, for example, a packet, and generate encryption data. 
Example: As for the packet to which the source address of the packet which passes A router belongs to 
gamma network, and the destination address belongs to beta network, it is ****(ed) and used for the key 
for the codes "which it lets be the objects of cryptocommunication since the destination address suits a 
communication path ID (2) M when the thing of a node with the communication path ID corresponding to 
a communication path is held beforehand. When the key is not held, it is performing key generation 
between the node (router), and a key is secured. 

Example: "the router in which cryptocommunication called B router is possible existed on the path 
addressed to beta network from A router, and A router knows by the routing protocol that the B router is 
considering as the object of cryptocommunication implementation to beta network. Then, the packet set 
as the object of cryptocommunication is enciphered using the key corresponding to B router." 
About the function to which both function is made to link, it mentions later. 
[0026] 

In addition, although it is desirable for all the routers LI 1-L14 to have as for the above function, the 
operation which has enciphered the packet sent from the communication device Tl 1, and is relayed and 
which is this invention even if it is the case where only the router which acts mainly has, either is 
possible. 
[0027] 

Next, the communication configuration by the cryptocommunication system 1 of this operation gestalt is 
explained. Here, the communication device Tl 1 in alpha network and the network address between the 
A routers Lll like illustration "163.135.10.0/24", The interface address between the communication 
device T12 in beta network, the B router L13, or the C router L14 "163.135.20.0/24", The interface 
address of the A router LI 1 "163.135.100.10", The interface address of the B router L13 
"163.135.200.20", The example in the case of improving the above OSPF which the network address of 
the C router L14 shall be " 163.135.300.30", and is the representation of a link state type routing 
protocol, and performing cryptocommunication is given. OSPF is indicated by the specifications 
RFC2328, RFC1 131, and STD0054 published in the international organization IETF at the detail. 
[0028] 

The example of a format of the router link LSA which each routers LI 1-L14 transmit among the path 
formation information used by OSPF, i.e., a link condition advertising packet, (LSA:Link State 
Advertisement) is shown in drawing 2 . 

This router link LSA is various link informations received and passed between proximal routers, and 
consists of a link condition header and a LSA section. Using the information which a router type, Link 
ID, link data, etc. are described by the LSA section, and is described by this, each router can recognize 
the information about arrangement of other routers, and can use now for path computation or a re- 
calculation. Drawing 3 shows the router type contents and the example of the Link ID and link data to it. 
Types 1-4 are information which the existing router possesses, and Type 5 Is the part added with this 
operation gestalt, i.e., the information relevant to cryptocommunication. By this type 5 of description, 
which router understands where cryptocommunication is performed. In Type 5, when link data are Null, 
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it is shown that somewhere which is not determined yet and cryptocommunication can be performed. 
[0029] 

LSA can send two or more link informations which it can have with each routers LI 1-L14. Therefore, if 
one router is performing cryptocommunication among two or more routers, two or more LSA(s) for 
cryptocommunication can also be specified. For example, it is shown that the router which has as the 
address "163. 135. 100. 10" which transmitted this LSA by LSA of Type 5 if Link ID is "163. 135. 100. 10" 
and link data are "163.135.20.0/24" is in the condition which can perform a phase hand with the address 
of "163,135.20,0/24" and cryptocommunication. Furthermore, it is the same to Link ID, and if there is 
LSA of link data "163.135.30.0/24", it is shown that a router "163.135.100.10" is in the condition whose 
cryptocommunication is possible also with "163.135.30.0/24" of phase hands. 
[0030] 

Such amelioration OSPF is used, and when enciphering a packet and transmitting, each routers LI 1-L14 
will declare the information on the cryptocommunication point by LSA. The information on 
cryptocommunication origin is also included in this declaration. Each routers LI 1-L14 record the 
information on the network on the own database of a router as "a cryptocommunication charge network 
(or host) 11 , when a decryption of the packet which goes to a certain network can be performed again. 
This information turns into information required in order to perform key generation between that LSA 
transmitting former routers, when each router receives the cryptocommunication LSA of other routers 
and it has the same "cryptocommunication charge network" as that cryptocommunication point. 
[0031] 

Routers are delivering the Hello packet (a thing like a keep alive signal to a contiguity router), 
respectively, and self LSA gets across to the other party by the link-Bayh-link between the routers in 
which this delivery is possible, respectively. For example, when the B router L13 and the C router L14 
are routers in which encryption and a decryption are possible, that that and it are operating normally gets 
across to the A router LI 1 through the D router L12. The A router LI 1 gets to know that it is ready for 
the router L13 to perform self "cryptocommunication charge network" and cryptocommunication by 
LSA of the B router L13, and carries out the process which generates the key for codes between the B 
routers L13. This process may be a process of key generation of generally being used. The A router LI 1 
carries out the process which generates a key also between the C routers L14 again. 
[0032] 

Drawing 4 (a) is drawing having shown the contents of the link table (former information on routing 
table) of the A router LI 1 when usually converging in a path. In the example of illustration, the A router 
LI 1 is linked with alpha network and the D router L12, and cryptocommunication charge networks are 
alpha and gamma. The B router L13 and the C router L14 are linked with beta network and the D router 
L12, and both "cryptocommunication charge networks" is beta. Or it links D router with the A router 
LI 1, the B router L13, and the C router L14 and it does not have assignment of a "cryptocommunication 
charge network", it is somewhere which is not yet determined. In addition, the "cryptocommunication 
charge network" does not necessarily need to adjoin. 
[0033] 

This link table to the A router LI 1 forms the optimal path to Network beta from Network alpha like an 
alpha network (communication device Tl 1) ->A router LI 1 ->D router L12 ->B router L13 ->beta 
network (communication device T12). 
[0034] 

On the other hand, the A router LI 1 cooperates with the link table of drawing 4 (a), and sets up an 
encryption filter like drawing 5 (a). That is, the "cryptocommunication charge network" of the A router 
LI 1 is an alpha network, and the router which makes beta a "cryptocommunication charge network" on 
a path is the B router L13. Then, the A router LI 1 generates Key a between the B routers L13 (it is **** 
(ed) when Key a is already held). The semantics of this link table is "the sending agency address's 
(network's) being alpha, and the transmission place address's (network's) enciphering the packed (alpha- 
>beta) of beta with Key a, and transmitting to the B router L13 (set peer (B))." Thereby, the 
cryptocommunication using Key a becomes possible. 
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[0035] 

Here, the case where a failure occurs in the B router L 13 is considered. 

In this case, since LSA which the B router L13 emits does not reach the D router L12 and the A router 
LI 1, the A router LI 1 recovers a path as what cannot use the B router LI 3 using the function of a 
routing protocol Drawing 4 (b) is drawing having shown the contents after renewal of the link table 
(origin of routing table) of the A router LI 1 when converging in a recovery path. Like illustration, the 
link information of the B router LI 3 is lost. Although an optimal path is changed from this link table 
like an alpha network (communication device Tl 1) ->A router LI 1 ->D router L12 ->C router L14 - 
>beta network (communication device T12), the key a which cooperates with path modification and the 
A router LI 1 uses further is made to change into Key c dynamically with this operation gestalt. 
[0036] 

That is, if the link table of drawing 4 (b) is updated, the A router LI 1 will cooperate to this, and will 
update the contents of the encryption filter like drawing 5 (b). That is, since, as for the router which 
makes beta a "cryptocommunication charge network" on a path, it turns out that it is the C router L14, 
the A router LI 1 generates Key c between the C routers L14 (it is ****(ed) when Key c is already held). 
The semantics of this link table is "the sending agency address's (network's) being alpha, and the 
transmission place address's (network's) enciphering the packet (alpha->beta) of beta with Key c, and 
transmitting to the C router L14 (set peer (B))." 
[0037] 

Thus, since a setup of an encryption filter like drawings (b) is obtained from the link table by the 
routing protocol after updating and modification of the key accompanying path modification is made 
even if a failure occurs in the B router L13 and path modification is made, cryptocommunication can be 
continued. 
[0038] 
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TECHNICAL PROBLEM 


[Problem(s) to be Solved by the Invention] 

Usually, also when a failure occurs in an optimal path, an alternate route can be formed in the midst 
which is performing not only a communication link but cryptocommunication using the above- 
mentioned function and above-mentioned backup routing function of a routing protocol. However, since 
the function of a routing protocol or the change ftmction to a backup path, and the function of 
cryptocommunication have another composition, with the existing structure, in the case of 
cryptocommunication, the enciphered IP packet (encryption data) cannot be decrypted, and it may be 
unable to continue cryptocommunication. This is explained below. 
[0009] 

Here, a communication device Tl 1 is connected to the configuration N12 shown in drawing 7 , Le., a 
router, through data encryption equipment M21, a communication device T22 is connected to a router 
N15, and IP network configuration by which data encryption equipment M22 and M23 was connected to 
juxtaposition between the router N12 and the router N15, respectively is assumed further. 
[0010] 

Each routers N12 and N15 and data encryption equipment M21 and M22 exchange the path formation 
information which it has mutually, suit, and form the optimal path between networks. The optimal path 
in always [ forward ], i.e., the path at the time of usually converging in a path, is the communication 
device Tl 1 -> data-encryption-equipment M21 -> router N12 -> data-encryption-equipment M22 -> 
router N15 -> communication device T12, and data encryption equipment M21 enciphers the packet 
transmitted from a communication device T22 using the key (for example, the key A) used between self- 
equipment and data encryption equipment M22. 
[0011] 

Suppose that a certain failure occurred with data encryption equipment M22, a path change was made by 
the function of a routing protocol, and the optimal path was automatically changed into the 
communication device Tl 1 -> data-encryption-equipment M21 -> router N12 -> data-encryption- 
equipment M23 -> router N15 -> communication device T12 in this condition. In this case, the key (for 
example, the key B) used between data encryption equipment M21 and data encryption equipment M23 
differs from the key A mentioned above. However, in data encryption equipment M21, since there is no 
modification in the transmission place (communication device T12) of a packet, from the conventional 
routing protocol, it cannot recognize that the key for codes of the data transmitted to a communication 
device T12 from a communication device Tl 1 should be changed into Key B from Key A. Therefore, 
since it will be enciphered with Key A with data encryption equipment M21 and the packet concerned 
cannot decode this in the data encryption equipment M23 using Key B, cryptocommunication is 
unrecoverable after all. 
[0012] 

The tunnel mode which enciphers collectively a part for the data division of IP header which includes 
the address of a transmission place in cryptocommunication, and a packet (namely, payload), and 
communicates by attaching IP header including the address of a new transmission place (decryption 
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equipment), Although the transmission place address has the transport mode which does not encipher 
but enciphers only a part for the data division of a packet, when a failure occurs with data encryption 
equipment M22 as mentioned above, with data encryption equipment M21, the need for modification of 
a key can be recognized in neither of the modes. 


Such a problem is produced in common, the case where a router, data encryption equipment, a 
communication device, etc. are newly extended by the part (node) which was an optimal path till then, 
when the parts of a router etc. move, and not only when a path failure occurs during 
cryptocommunication but when. It originates in having been [ this ] fixed, and the key used for 
cryptocommunication having been fixed. [ of arrangement of the router in this conventional kind of 
communication link for Takayoshi etc. ] 


Then, even if this invention is the case where modification arises in the arrangement configuration of the 
equipment with which the communication link for Takayoshi and cryptocommunication perform 
encryption and a decryption in a network realizable to coincidence, it makes it a main technical problem 
to offer the technique which changes the key for codes dynamically and enables it to continue 
cryptocommunication safely. 
[0015] 


[Translation done.] 


[0013] 


[0014] 


> 
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♦NOTICES* 

JPO and NCIPI are not responsible for any , 
damages caused by the use of this translation. 

1. This document has been translated by computer So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 


MEANS 


[Means for Solving the Problem] 

The record medium which becomes suitable when a computer realizes the cryptocommunication 
approach by which this invention was improved in the above-mentioned technical problem for the 
solution reason, a cryptocommunication system, communication link repeating installation, and 
communication link repeating installation is offered. 
[0016] 

The cryptocommunication approach of this invention is an approach of performing communication link 
for Takayoshi, and cryptocommunication through a network realizable to coincidence. The optimal path 
on a network is formed by exchanging mutually predetermined path formation information including the 
arrangement information about arrangement of the communication link repeating installation in which 
cryptocommunication is possible among two or more communication link repeating installation, and 
suiting on a network. While performing cryptocommunication of commo data between the 
communication link repeating installation which exists in this optimal path It is characterized by 
continuing said cryptocommunication using the key fixed mutually between the communication link 
repeating installation which updates said path formation information, carries out the reconstititution of 
the new optimal path when the configuration of the communication link repeating installation on said 
network is changed, and consists in the optimal path by which the reconstititution was carried out and in 
which cryptocommunication is possible. Each communication link repeating installation records the 
identification information of the communication device or a network, when a decryption of the 
enciphered commo data which goes to a certain communication device or network can be performed, 
and when path formation information is received from other communication link repeating installation 
and the cryptocommunication point holds the same identification information as said identification 
information, it is made to settle between communication link repeating installation besides the above on 
a key. 
[0017] 

The cryptocommunication system of this invention is a cryptocommunication system which performs 
cryptocommunication of commo data between the communication link repeating installation which 
forms the optimal path on the network which can realize communication link for Takayoshi, and 
cryptocommunication to coincidence, and exists in this optimal path by exchanging predetermined path 
formation information mutually among two or more communication link repeating installation, and 
suiting. The path formation information on each communication link repeating installation is what 
includes the arrangement information about arrangement of the communication link repeating 
installation in which cryptocommunication is possible on said network. At least one of two or more of 
the communication link repeating installation It is constituted so that the arrangement information after 
the modification concerned may be notified to other communication link repeating installation, when it 
detects that the arrangement configuration of the communication link repeating installation on the 
optimal path under cryptocommunication was changed. Other one [ at least ] While updating the path 
formation information on self based on said notice and carrying out the reconstititution of the new 
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optimal path to it, it is characterized by being constituted so that said cryptocommunication may be 
continued using the key fixed mutually between the communication link repeating installation which 
consists in the optimal path by which the reconstititution was carried oufc and in which 
cryptocommunication is possible. 
[0018] 

In the communication link repeating installation which performs cryptocommunication among other 
communication link repeating installation which exists in this optimal path while the communication 
link repeating installation of this invention forms the optimal path of the commo data on a network 
based on predetermined path formation information Said path formation information is a thing including 
the arrangement information about arrangement of the communication link repeating installation in 
which cryptocommunication is possible. A means to update the contents of said arrangement 
information included in the path formation information on self when other communication link repeating 
installation which serves as a communications partner during cryptocommunication becomes 
communication link impossible, It is equipment characterized by continuing cryptocommunication using 
the key which was equipped with a means to form a new optimal path based on the path formation 
information after updating, and a means to detect other communication link repeating installation in 
which the cryptocommunication on the newly formed optimal path is possible, and was fixed between 
the detected communication link repeating installation concerned. 
[0019] 

it is the information more specifically mutually delivered and carried out among other communication 
link repeating installation based on a predetermined routing protocol, and, as for path formation 
information, the information about arrangement of the node which can perform cryptocommunication, 
and its node fix said key based on this identification information including the identification information 
of the communication path made into the object of cryptocommunication implementation. When the key 
fixed between nodes with identification information is held beforehand, the key is ****(ed), and when 
the key is not held, said key is secured by performing key generation between the nodes concerned. 
[0020] 

The updating means in communication link repeating installation deletes the arrangement information 
about it, when the communication link repeating installation used as communication link impossible is 
during cryptocommunication, when there is communication link repeating installation extended during 
cryptocommunication, it adds the arrangement information about it, and when there is communication 
link repeating installation moved during cryptocommunication, it corrects the arrangement information 
about it. 
[0021] 

The record medium which this invention offers based on predetermined path formation information 
including the arrangement information about arrangement of the communication link repeating 
installation in which cryptocommunication is possible The function which forms the optimal path on the 
network which can realize communication link for Takayoshi, and cryptocommunication to coincidence, 
When the function to perform cryptocommunication between communications-partner equipment, and 
the configuration of said communications-partner equipment are changed, while updating the contents of 
said arrangement information included in the path formation information on self and forming a new 
optimal path based on the path formation information after updating It is the record medium with which 
the program code for forming on a computer the function which continues cryptocommunication using 
the key fixed among other communications-partner equipments which exist in this new optimal path was 
recorded and in which a computer readout is possible. 
[0022] 

[Embodiment of the Invention] 

Hereafter, the operation gestalt of this invention is explained with reference to a drawing. 
When the communication link for Takayoshi and cryptocommunication are performing 
cryptocommunication between the equipment which delivers path formation information in a network 
realizable to coincidence according to a routing protocol, the information about arrangement of the 
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equipment in which cryptocommunication is possible is included in the above-mentioned path formation 

information, and it is made to make path formation information and the information about modification 

of a key link in this invention. < 

For example, if it is the routing protocol of the De Dis wardrobe vector type about between what 

networks the equipment in which cryptocommunication is possible is arranged to which link, and 

cryptocommunication can be performed, if it is the routing protocol of a link state type, it will include 

which router exists in the distance vector into path formation information. And in case encryption data 

are transmitted, it enables it to perform easily newly generating, if there is no corresponding key using 

the key corresponding to the data encryption equipment of a reception place. 

In addition, use and generation of a key can use the technique generally used from the former. 

[0023] 

The above-mentioned cryptocommunication approach can be enforced by the cryptocommunication 
system constituted as shown in drawing 1 . 

Including the network configuration components of two or more routers LI 1 which intervene between 
communication device [ of the transmitting side allotted on alpha network ] Tl 1, communication device 
[ of the receiving side allotted on beta network ] T12, and these communication devices, i.e., A router, D 
router L12, B router L13, and C router L14, and others, this cryptocommunication system 1 is 
constituted so that communication link for Takayoshi and cryptocommunication can be realized to 
coincidence. 

It shall connect through a wide area network [ like the Internet ] whose alpha network and beta network 

are. 

[0024] 

Each routers LI 1-L14 are a kind of computers which have memory and CPU, and have the function of 
the routing protocol formed by reading the program code with which the CPU was recorded on the 
predetermined record medium, and performing, the function of cryptocommunication, and the function 
to make these functions cooperate. Although CPUs are cover-half record media, such as semiconductor 
memory in which a readout is possible, when mounted in a router, the record medium which recorded 
this program code circulates through portability record media, such as CD-ROM, and may be installed 
in the above-mentioned cover-half record medium at the time of mounting. 

About the function of a routing protocol, although it is fundamentally [ as the thing of the conventional 
router ] the same, it differs from the function with which the router conventional at the point of having 
made it make the functions of cryptocommunication including the following two information 
cooperating to the path formation information exchanged for other routers by the routing protocol is 
equipped. 

(1) Arrangement and Interface ID of the node (router) which can perform cryptocommunication 
Example: "A router is in A node whose cryptocommunication is possible" 

(2) The communication path ID which the node makes the object of cryptocommunication 
implementation 

Example: "the object (communication path ID) of the cryptocommunication in A router receives the 
communication link of alpha network and gamma network" 

The format of the data corresponding to such information becomes what was doubled with the adapted 
network protocol or the routing protocol. For example, in the case of OSPF of IP network, the 
information will be included in LS A (Link State Advertisement) mentioned later. 
[0025] 

On the other hand, about the function of cryptocommunication, as each router is the following, it 
performs cryptocommunication. 

(1) To the communication link corresponding to the communication path ID for cryptocommunication 
implementation, encipher commo data, for example, a packet, and generate encryption data. 
Example: As for the packet to which the source address of the packet which passes A router belongs to 
gamma network, and the destination address belongs to beta network, it is ****(ed) and used for the key 
for the codes "which it lets be the objects of cryptocommunication since the destination address suits a 
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communication path ID (2)" when the thing of a node with the communication path ID corresponding to 
a communication path is held beforehand. When the key is not held, it is performing key generation 
between the node (router), and a key is secured. < 
Example: "the router in which cryptocommunication called B router is possible existed on the path 
addressed to beta network from A router, and A router knows by the routing protocol that the B router is 
considering as the object of cryptocommunication implementation to beta network. Then, the packet set 
as the object of cryptocommunication is enciphered using the key corresponding to B router." 
About the function to which both function is made to link, it mentions later. 
[0026] 

In addition, although it is desirable for all the routers LI 1-L14 to have as for the above function, the 
operation which has enciphered the packet sent from the communication device Tl 1, and is relayed and 
which is this invention even if it is the case where only the router which acts mainly has, either is 
possible. 
[0027] 

Next, the communication configuration by the cryptocommunication system 1 of this operation gestalt is 
explained. Here, the communication device Tl 1 in alpha network and the network address between the 
A routers LI 1 like illustration "163.135.10.0/24", The interface address between the communication 
device T12 in beta network, the B router L13, or the C router L14 "163.135.20.0/24", The interface 
address of the A router LI 1 "163.135.100.10", The interface address of the B router L13 
"163.135.200.20", The example in the case of improving the above OSPF which the network address of 
the C router L14 shall be "163.135.300.30", and is the representation of a link state type routing 
protocol, and performing cryptocommunication is given. OSPF is indicated by the specifications 
RFC2328, RFC1 131, and STD0054 published in the international organization IETF at the detail. 
[0028] 

The example of a format of the router link LSA which each routers LI 1-L14 transmit among the path 
formation information used by OSPF, i.e., a link condition advertising packet, (LSA:Link State 
Advertisement) is shown in drawing 2 . 

This router link LSA is various link informations received and passed between proximal routers, and 
consists of a link condition header and a LSA section. Using the information which a router type, Link 
ID, link data, etc. are described by the LSA section, and is described by this, each router can recognize 
the information about arrangement of other routers, and can use now for path computation or a re- 
calculation. Drawing 3 shows the router type contents and the example of the Link ID and link data to it. 
Types 1-4 arc information which the existing router possesses, and Type 5 is the part added with this 
operation gestalt, Le., the information relevant to cryptocommunication. By this type 5 of description, 
which router understands where cryptocommunication is performed. In Type 5, when link data are Null, 
it is shown that somewhere which is not determined yet and cryptocommunication can be performed. 
[0029] 

LSA can send two or more link informations which it can have with each routers LI 1-L14. Therefore, if 
one router is performing cryptocommunication among two or more routers, two or more LSA(s) for 
cryptocommunication can also be specified. For example, it is shown that die router which has as the 
address "163.135.100.10" which transmitted this LSA by LSA of Type 5 if Link ID is "163.135.100.10" 
and link data are "163. 135.20.0/24" is in the condition which can perform a phase hand with the address 
of " 163. 135.20.0/24" and cryptocommunication. Furthermore, it is the same to Link ID, and if there is 
LSA of link data "163.135.30.0/24", it is shown that a router "163.135.100.10" is in the condition whose 
cryptocommunication is possible also with "163.135.30.0/24" of phase hands. 
[0030] 

Such amelioration OSPF is used, and when enciphering a packet and transmitting, each routers LI 1-L14 
will declare the information on the cryptocommunication point by LSA. The information on 
cryptocommunication origin is also included in this declaration. Each routers LI 1-L14 record the 
information on the network on the own database of a router as "a cryptocommunication charge network 
(or host)", when a decryption of the packet which goes to a certain network can be performed again. 
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This information turns into information required in order to perform key generation between that LS A 
transmitting former routers, when each router receives the cryptocommunication LSA of other routers 
and it has the same "cryptocommunication charge network" as that cryptocommunicatiop? point. 
[0031] 

Routers are delivering the Hello packet (a thing like a keep alive signal to a contiguity router), 
respectively, and self LSA gets across to the other party by the link-Bayh-link between the routers in 
which this delivery is possible, respectively. For example, when the B router L13 and the C router L14 
are routers in which encryption and a decryption are possible, that that and it are operating normally gets 
across to the A router LI 1 through the D router LI 2. The A router LI i gets to know that it is ready for 
the router LI 3 to perform self "cryptocommunication charge network" and cryptocommunication by 
LSA of the B router LI 3, and carries out the process which generates the key for codes between the B 
routers L13. This process may be a process of key generation of generally being used. The A router LI 1 
carries out the process which generates a key also between the C routers L14 again. 
[0032] 

Drawing 4 (a) is drawing having shown the contents of the link table (former information on routing 
table) of the A router LI 1 when usually converging in a path. In the example of illustration, the A router 
LI 1 is linked with alpha network and the D router L12, and cryptocommunication charge networks are 
alpha and gamma. The B router L13 and the C router L14 are linked with beta network and the D router 
L12, and both "cryptocommunication charge networks" is beta. Or it links D router with the A router 
LI 1, the B router L13, and the C router L14 and it does not have assignment of a "cryptocommunication 
charge network", it is somewhere which is not yet determined. In addition, the "cryptocommunication 
charge network" does not necessarily need to adjoin. 
[0033] 

This link table to the A router LI 1 forms the optimal path to Network beta from Network alpha like an 
alpha network (communication device Tl 1) ->A router LI 1 ->D router L12 ->B router L13 ->beta 
network (communication device T12). 
[0034] 

On the other hand, the A router LI 1 cooperates with the link table of drawing 4 (a), and sets up an 
encryption filter like drawing 5 (a). That is, the "cryptocommunication charge network" of the A router 
LI 1 is an alpha network, and the router which makes beta a "cryptocommunication charge network" on 
a path is the B router L13. Then, the A router LI 1 generates Key a between the B routers L13 (it is **** 
(ed) when Key a is already held). The semantics of this link table is "the sending agency address's 
(network's) being alpha, and the transmission place address's (network's) enciphering the packet (alpha- 
>beta) of beta with Key a, and transmitting to the B router L13 (set peer (B))." Thereby, the 
cryptocommunication using Key a becomes possible. 
[0035] 

Here, the case where a failure occurs in the B router LI 3 is considered. 

In this case, since LSA which the B router L13 emits does not reach the D router L12 and the A router 
LI 1, the A router LI 1 recovers a path as what cannot use the B router L13 using the function of a 
routing protocol. Drawing 4 (b) is drawing having shown the contents after renewal of the link table 
(origin of routing table) of the A router LI 1 when converging in a recovery path. Like illustration, the 
link information of the B router L13 is lost. Although an optimal path is changed from this link table 
like an alpha network (communication device Tl 1) ->A router LI 1 ->D router L12 ->C router L14 - 
>beta network (communication device T12), the key a which cooperates with path modification and the 
A router LI 1 uses further is made to change into Key c dynamically with this operation gestalt. 
[0036] 

That is, if the link table of drawing 4 (b) is updated, the A router LI 1 will cooperate to this, and will 
update the contents of the encryption filter like drawing 5 (b). That is, since, as for the router which 
makes beta a "cryptocommunication charge network' ^on a path, it turns out that it is the C router L14, 
the A router LI 1 generates Key c between the C routers L14 (it is ****(ed) when Key c is already held). 
The semantics of this link table is "the sending agency address's (network's) being alpha, and the 
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transmission place address's (network's) enciphering the packet (alpha->beta) of beta with Key c, and 
transmitting to the C router L14 (set peer (B))." 

[0037] , 
Thus, since a setup of an encryption filter like drawing 5 (b) is obtained from the link table by the 
routing protocol after updating and modification of the key accompanying path modification is made 
even if a failure occurs in the B router L13 and path modification is made, cryptocommunication can be 
continued. 
[0038] 

In addition, although it assumed that modification arose in the arrangement configuration of the router in 
which cryptocommunication is possible, and the path failure by failure of a router etc. arose as an 
example in case the key used by this is changed with this operation gestalt This invention can be 
similarly applied, not only an example such but when the key to be used is changed, as a result of 
extending a router for example, on a network or moving a router to other networks from a certain 
network. That is, it is possible to continue cryptocommunication by delivering path formation 
information mutually using the function of a routing protocol, updating the arrangement information 
with each router, and forming an optimal path automatically, without setting up cryptocommunication 
by hand control. Moreover, the router concerned becomes possible [ also finding out the phase hand 
equipment which performs cryptocommunication automatically ] only by specifying the target network 
thru/or target host who performs cryptocommunication as the path formation information on a router. 
These functions are functions adapted to the actual communication configuration that the number of the 
routers connected on a certain network fluctuates continuously, and correspondence becomes possible 
easily by this also at the spread of mobile mold communication links. 
[0039] 

Although the router was mentioned as the example and this operation gestalt explained it as 
communication link repeating installation, the structure of this invention can be applied to the equipment 
at large which is in case the phase hand of cryptocommunication changes. Moreover, although it is a 
desirable gestalt to prepare the function to deliver path formation information to other equipments and 
mutual like this operation gestalt, and the function to make the key for codes change dynamically, in one 
equipment (for example, router), it is not having to make it such [ always ] a gestalt. For example, it 
does not become trouble to constitute so that the communication device connected to the router may 
have the function to change the key for codes dynamically based on the notice from a router, when 
enforcing the cryptocommunication approach of this invention. 
[0040] 

although this operation gestalt explained the example which made IP network communication media, if 
this invention is the network which can realize communication link for Takayoshi, and 
cryptocommunication to coincidence, since it is applicable irrespective of the scale - ANSE - use with 
the intranet and extranet which are a cure network is also possible. 
[0041] 

Since the mutual delivery function of path formation information like a routing protocol becomes 
application of this invention with a premise, Although it will use within the closed network which does 
not use the ISP when using other original routing protocols or using ISP (Intarnet Service Provider) 
which cannot perform interconnect of a routing protocol Even if it is the case where the ISP is used, use 
in the network beyond a closed network is also possible by relaying path formation information by the 
approach by service of ISP with a well-known tunneling technique. 
[0042] 

It can respond also to a network configuration change which are effective especially when it is changed 
frequently logically, and is called a mobile network physically [ this invention / the 
cryptocommunication point ] flexibly. 
[0043] * 

Application in the cryptocommunication commercial scene for consumer (one gestalt of use of the 
network service for an individual) is also possible for this invention again. The mainstream of the 
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cryptocommunication technique for current and an individual is SSL (Secure Socket Layer). This aims 
at performing cryptocommunication of end to end by enciphering by the communicative upper layer, 
and the terminal (communication device) itself which an individual operates enciphering commo data, 
and transmitting. It can become an effective means to make this invention apply to the network which 
the terminal (a mobile mold terminal is included) which this individual operates accesses, when 
promoting the above-mentioned network service. 
[0044] 


[Translation done.] 


http://www4.ipdl.ncipi.go.jp/cgi-bin/tran_web_cgLejje 


10/25/2006 


JP,3821990,B [DESCRIPTION OF DRAWINGS] 


Page 1 of 1 


* NOTICES * 

JPO and NCZPI are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 


DESCRIPTION OF DRAWINGS 


[Brief Description of the Drawings] 

[Drawing 1] The cryptocommunication structure-of-a-system Fig. which applied this invention. 
[Drawing 2] Drawing having shown the example of a format of the router link LS A. 
[Drawing 3] Drawing having shown the type class of router link LS A. 

[Drawing 4] For (a), (b) is the contents explanatory view of the link table used when forming the 
optimal path at the time of using a routing protocol, and the contents explanatory view of the link table 
updated at the time of failure generating. 

[Drawing 5] For (a), (b) is drawing having shown the contents of a setting of the encryption filter at the 
time of normal actuation, and drawing having shown the contents of a setting of the encryption filter 
updated at the time of failure generating. 

[Drawing 6] The network configuration Fig. for using for the explanation of the optimal-path restoration 
at the time of using a routing protocol in the former. 

fDrawing 7] It is a network configuration Fig. for using for explanation of the optimal-path restoration at 

the time of using the routing protocol and cryptocommunication in the former. 

[Description of Notations] 

1 Cryptocommunication System 

Tl 1, T12 Communication device 

L11-L14, N11-N15 Router 

M21-M23 Data encryption equipment 


[Translation done.] 
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